USN-1479-1: FFmpeg vulnerabilities

Ubuntu Security Notice USN-1479-1

ffmpeg vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 10.04 LTS

Summary

FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

ffmpeg
- multimedia player, server and encoder

Details

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DV files. If a user were tricked into opening a crafted DV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed NSV files. If a user were tricked into opening a crafted NSV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed MJPEG-B files. If a user were tricked into opening a crafted MJPEG-B file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed DPCM files. If a user were tricked into opening a crafted DPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that FFmpeg incorrectly handled certain malformed KMVC files. If a user were tricked into opening a crafted KMVC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-3952)

It was discovered that FFmpeg incorrectly handled certain malformed H.264 files. If a user were tricked into opening a crafted H.264 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0851)

It was discovered that FFmpeg incorrectly handled certain malformed ADPCM files. If a user were tricked into opening a crafted ADPCM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0852)

It was discovered that FFmpeg incorrectly handled certain malformed Atrac 3 files. If a user were tricked into opening a crafted Atrac 3 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0853)

It was discovered that FFmpeg incorrectly handled certain malformed Shorten files. If a user were tricked into opening a crafted Shorten file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0858)

It was discovered that FFmpeg incorrectly handled certain malformed Vorbis files. If a user were tricked into opening a crafted Vorbis file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0859)

Fabian Yamaguchi discovered that FFmpeg incorrectly handled certain malformed VQA files. If a user were tricked into opening a crafted VQA file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-0947)

Update instructions

The problem can be corrected by updating your system to the following
package version: